tmp: test review suggestions

11 months ago · 7d366bb8d4
parent 081de1a170
commit 7d366bb8d4
2 changed files with 3 additions and 3 deletions
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@ -5,6 +5,7 @@ on:
    branches:
      - main
      - release/**
+      - zalimeni/enable-security-scans-release--test
  pull_request:
    branches:
      - main
@ -66,7 +67,7 @@ jobs:
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          repository: hashicorp/security-scanner
-          token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}  #TODO replace w/ security-provided secret
+          token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }}  #TODO replace w/ security-provided secret
          path: security-scanner
          ref: main

@ -79,8 +80,6 @@ jobs:

      - name: SARIF Output
        shell: bash
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cat results.sarif | jq

--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -13,6 +13,7 @@
 # See `security-scanner` docs or run with `--help` for scan target syntax.

 container {
+	local_daemon = true
 	dependencies = true
 	alpine_secdb = true